Making freeradius 3 in ubuntu 18 look at the mysql nas table for client "secret"

I am running freeradius from the same computer that I am running "radtest" from.

I can get get an "accept" message with user password coming from either "users" file or mysql , and can get client "secret" from clients.conf file, but can't figure out how to get freeradius to look at mysql for the client "secret".

Do I have to somehow disable or override the entry in "cients.conf"?

Here's a summary of file entries, mysql, and test results:

/etc/freeradius/3.0/clients.conf    #client localhost with secret testing123
/etc/freeradius/3.0/users           #testing Cleartext-Password := "testpwd"
/etc/freeradius/3.0/mods-available/sql  #read_clients = yes  (/etc/freeradius/3.0/sites- enabled/sql points here)

SELECT * FROM radgroupreply LIMIT 10;
| id | groupname | attribute            | op | value               |
|  1 | dynamic   | Framed-Compression   | := | Van-Jacobsen-TCP-IP |
|  2 | dynamic   | Framed-Protocol      | := | PPP                 |
|  3 | dynamic   | Service-Type         | := | Framed-User         |
|  4 | dynamic   | Framed-MTU           | := | 1500                |
|  5 | 2048-1024 | Motorola-Canopy-ULBR | =  | 1024                |
|  6 | 2048-1024 | Motorola-Canopy-ULBL | =  | 500000              |

mysql> SELECT * FROM radusergroup LIMIT 10;
| username          | groupname | priority |
| fredf             | dnamic    |        2 |
| 0a-00-3e-89-35-32 | 2048-1024 |        2 |

mysql> SELECT * FROM radcheck LIMIT 10; 
| id | username          | attribute          | op | value       |
|  3 | fredf             | Cleartext-Password | := | wilma       |
|  6 | 0a-00-3e-89-35-32 | Cleartext-Password | := | passwordsql |

mysql> SELECT * FROM radreply LIMIT 10;
| id | username | attribute                 | op | value |
|  1 | fredf    | Motorola-Canopy-UserLevel | =  | 3     |
|  2 | testuser | Motorola-Canopy-UserLevel | =  | 3     |

mysql> SELECT * FROM nas LIMIT 10; 
| id | nasname   | shortname | type | ports | secret  | server    | community | description |
|  1 | 10.10.2.2 | Griz450NW | 1    |  1812 | naspass | localhost | ISReader  | Griz450NW   |

radtest testing testpwd 127.0.0.1 0 testing123                  #works
  Received Access-Accept Id 107 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
radtest fredf wilma 127.0.0.1 0 testing123                      #works
  Received Access-Accept Id 242 from 127.0.0.1:1812 to 0.0.0.0:0 length 32
  Motorola-WiMAX-Home-BTS = 0x00000003
radtest 0a-00-3e-89-35-32 passwordsql 127.0.0.1 0 testing123    #works
  Received Access-Accept Id 27 from 127.0.0.1:1812 to 0.0.0.0:0 length 44
  Motorola-Canopy-ULBR = 1024
  Motorola-Canopy-ULBL = 500000
radtest 0a-00-3e-89-35-32 passwordsql 127.0.0.1 0 naspass       #doesn't work
  Radius -X output: Dropping packet without response because of error: Received packet from 127.0.0.1 with invalid Message-Authenticator!  (Shared secret is incorrect.)

The NAS table entry worked once I changed the "nasname" to "127.0.0.1" and disabled the client in clients.conf (I just changed "ipaddr" from "127.0.0.1" to "127.0.0.2").